Many cybersecurity firms talk a good game, but a new study has found that two prominent “ransomware recovery” firms typically pay the money to recover their clients’ data.

ProPublica traced payments from bitcoin wallets owned by recovery firms to ransomware operators.

One of those firms is alleged to be Proven Data Inc., a U.S. firm that claims, on its website, to have a success rate of 97.2% when it comes to data recovery. Along with a pile of claims —  a Better Business Bureau rating, a HIPAA compliance symbol and something to do with ISO 4 — the company has gained attention in the past for the wrong reasons.

A post on Dinbits in 2015 asked the question, “Which is worse? Bitcoin ransomware or removal services profiting from it?” and cited Proven Data front and center of the argument.

The other company cited as paying out ransomware requests is Florida-based MonsterCloud Inc. The company, like Proven Data, professes to assist its clients to solve ransomware attacks but was also allegedly found by ProPublica simply to pay ransoms in return for obtaining decryption keys to unlock client data.

“The firms are alike in other ways,” the report said. “Both charge victims substantial fees on top of the ransom amounts. They also offer other services, such as sealing breaches to protect against future attacks. Both firms have used aliases for their workers, rather than real names, in communicating with victims.”

Why alleged service providers such as these finds willing clients who are happy to hand over cash comes down to a more insidious problem: ransomware.

“The payments underscore the lack of other options for individuals and businesses devastated by ransomware, the failure of law enforcement to catch or deter the hackers, and the moral quandary of whether paying ransoms encourages extortion,” ProPublica noted.

Image: christiaancolen/Flickr